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IN THE CLAIMS ; 

Please amend claims 1, 4, 5, 7, 10, and 11 as indicated 
below. 

A listing of the status of all claims 1-12 in the present 
patent application is provided below. 

1 (Currently Amended) . A method for enabling a firewall to 
securely pass encrypted data, the method comprising: 

detecting , at a firewall, an exchange of a first encryption 
key between a host device and a remote device, wherein the first 
encryption key supports confidentiality protection of first data 
exchanged between the host device and the remote device 
according to a first security polic y, and wherein detecting the 
exchange is initiated by the firewall ; 

exchanging a second encryption key between the firewall and 
with the host device when the exchange of the first encryption 
key is detected at the firewall , wherein the exchange of the 
second encryption key supports confidentiality protection of 
second data exchanged between the firewall and the host device 
according to a second security policy; 

requesting_^ at the firewall, based at least in part upon 
the second security policy, the first encryption key from the 
host devicerj_ wherein the first encryption key is sent under the 
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protection of the second encryption key and in accordance with 

the second security policy; and 

passing encrypted data when it is determined that the first 

encryption key is received. 

2 (Original) . The method of claim 1, further comprising: 

not allowing encrypted data to pass when it is determined 
that the first encryption key is not received. 

3 (Original) . The method of claim 1, wherein the step of 
detecting an exchange of a first encryption key further 
comprises : 

monitoring Internet Key Exchange (IKE) protocol data 
traffic to determine whether the first encryption key is 
exchanged . 

4 (Currently Amended) . A method for enabling a firewall to 
selectively monitor encrypted data traffic, the method 
comprising : 

detecting , at a firewall, an exchange of a first encryption 
key between a host device and a remote device, wherein the first 
encryption key enables confidentiality protection of first data 
exchanged between the host device and the remote device 
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according to a first security policy , and wherein detecting the 

exchange is initiated by the firewall ; 

exchanging a second encryption key between the firewall and 
with — the host device when the exchange of the first key is 
detected at the firewall , wherein the exchange of the second 
encryption key enables confidentiality protection of second data 
exchanged between the firewall and the host device according to 
a second security policy; 

requesting_j_ at the firewall, based at least in part upon 
the second security policy, the first encryption key from the 
host device wherein the first encryption key is sent under the 
protection of the second encryption key and in accordance with 
the second security policy; and 

decrypting encrypted data, at the firewall, u sing the first 
encryption key, according to a predetermined monitoring policy. 

5 (Currently Amended) . A method for enabling a firewall to 
selectively pass protocols and services, the method comprising: 

detecting , at a firewall, an exchange of a first encryption 
key between a host device and a remote device, wherein the first 
encryption key supports confidentiality protection of first data 
exchanged between the host device and the remote device 
according to a first security polic y, and wherein detecting the 
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exchange is initiated by the firewall ; 

exchanging a second encryption key between the firewall and 
with the host device when the exchange of the first encryption 
key is detected at the firewall , wherein the exchange of the 
second encryption key supports confidentiality protection of 
second data exchanged between the firewall and the host device 
according to a second security policy; 

requesting_j_ at the firewall, based at least in part upon 
the second security policy, the first encryption key from the 
host device, wherein the first encryption key is sent under the 
protection of the second encryption key and in accordance with 
the second security policy; 

decrypting encrypted data, at the firewall, using the first 
encryption key; and 

applying a predetermined filtering policy to the decrypted 

data . 

6 (Original) . The method of claim 5, further comprising: 

re-encrypting the decrypted data. 

7 (Currently Amended) . A firewall apparatus that securely 
passes encrypted data, the apparatus comprising: 

an exchange detector , at a firewall, for detecting an 
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exchange of a first encryption key between a host device and a 

remote device, wherein the first encryption key supports 

confidentiality protection of first data exchanged between the 

host device and the remote device according to a first security 

polic y, and wherein detecting the exchange is initiated by the 

exchange detector ; 

a key exchanger , at the firewall, for exchanging a second 
encryption key between the firewall and w jrfete — the host device 
when the exchange of the first encryption key is detecte d at the 
firewall , wherein the exchange of the second encryption key 
supports confidentiality protection of second data exchanged 
between the firewall and the host device according to a second 
security policy; 

a key requestor , at the firewall, for requesting — at — fefee 
firewall , based at least in part upon the second security 
policy, the first encryption key from the host device-^^ wherein 
the first encryption key is sent under the protection of the 
second encryption key and in accordance with the second security 
policy; and 

an encrypted data passer , at the firewall, for passing 
encrypted data when it is determined that the first encryption 
key is received. 
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8 (Original) . The apparatus of claim 7, further comprising: 

an encrypted data blocker for not allowing encrypted data 
to pass when it is determined that the first encryption key is 
not received. 

9 (Original) . The apparatus of claim 7, wherein the exchange 
detector further comprises: 

a monitor for monitoring Internet Key Exchange (IKE) 
protocol data traffic to determine whether the first encryption 
key is exchanged. 

10 (Currently Amended) . A firewall apparatus for selectively 
monitoring encrypted data traffic, the apparatus comprising: 

an exchange detector , at a firewall, for detecting an 
exchange of a first encryption key between a host device and a 
remote device, wherein the first encryption key enables 
confidentiality protection of first data exchanged between the 
host device and the remote device according to a first security 
policy , and wherein detecting the exchange is initiated by the 
exchange detector ; 

a key exchanger , at the firewall, for exchanging a second 
encryption key with the host device when the exchange of the 
first key is detected, wherein the exchange of the second 
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encryption key enables confidentiality protection of second data 

exchanged between the firewall and the host device according to 

a second security policy; 

a requestor , at the firewall, for requesting a* fehe 

firewall , based at least in part upon the second security 

policy, the first encryption key from the host device wherein 

the first encryption key is sent under the protection of the 

second encryption key and in accordance with the second security 

policy; and 

a decryptor , at the firewall, for decrypting encrypted 
data, using the first encryption key, according to a 
predetermined monitoring policy. 

11 {Currently Amended) . A firewall apparatus for selectively 
passing protocols and services, the method comprising: 

an exchange detector , at a firewall, for detecting an 
exchange of a first encryption key between a host device and a 
remote device, wherein the first encryption key supports 
confidentiality protection of first data exchanged between the 
host device and the remote device according to a first security 
policy , and wherein detecting the exchange is initiated by the 
exchange detector ; 

a key exchanger , at the firewall, for exchanging a second 
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encryption key with the host device when the exchange of the 

first encryption key is detected, wherein the exchange of the 

second encryption key supports confidentiality protection of 

second data exchanged between the firewall and the host device 

according to a second security policy; 

a requestor , at the firewall, for requesting — at fefee 

firewall , based at least in part upon the second security 

policy, the first encryption key from the host device, wherein 

the first encryption key is sent under the protection of the 

second encryption key and in accordance with the second security 

policy; 

a decrypt or , at the firewall, for decrypting encrypted 
data, using the first encryption key; and 

a filter , at the firewall, for applying a predetermined 
filtering policy to the decrypted data. 

12 (Original). The apparatus of claim 11, further comprising: 
an encryptor for re-encrypting the decrypted data. 
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